Import of lbtt 1.0.3

Alexandre Duret-Lutz 2004-02-16 11:35:59 +00:00
parent 06226f3227
commit 15618b84ea
68 changed files with 3988 additions and 3257 deletions

@ -1,7 +1,7 @@
\input texinfo @c -*-texinfo-*-
@c %**start of header
@setfilename lbtt.info
@settitle @command{lbtt}
@settitle @command{lbtt}
@afourpaper
@c %**end of header
@ -13,8 +13,8 @@
@end ifhtml
This file documents how to use the LTL-to-B@"uchi
translator testbench @command{lbtt}.
Copyright @copyright{} 2003 Heikki Tauriainen
Copyright @copyright{} 2004 Heikki Tauriainen
@ifinfo
@email{heikki.tauriainen@@hut.fi}
@end ifinfo
@ -24,7 +24,7 @@ Copyright @copyright{} 2003 Heikki Tauriainen
@end ifnothtml
@end ifnotinfo
@ifhtml
@ifhtml
@html
<blockquote>
@end html
@ -32,7 +32,7 @@ Copyright @copyright{} 2003 Heikki Tauriainen
Permission is granted to make and distribute verbatim
copies of this manual provided the copyright notice and
this permission notice are preserved on all copies.
@ignore
Permission is granted to process this file through TeX
and print the results, provided the printed document
@ -48,7 +48,7 @@ entitled ``GNU General Public License'' is included exactly
as in the original, and provided that the entire resulting
derived work is distributed under the terms of a
permission notice identical to this one.
Permission is granted to copy and distribute
translations of this manual into another language,
under the above conditions for modified versions.
@ -68,7 +68,7 @@ under the above conditions for modified versions.
@author Heikki Tauriainen <@email{heikki.tauriainen@@hut.fi}>
@page
@vskip 0pt plus 1filll
Copyright @copyright{} 2003 Heikki Tauriainen
Copyright @copyright{} 2004 Heikki Tauriainen
<@email{heikki.tauriainen@@hut.fi}>
The latest version of this manual can be obtained from@*
@ -77,7 +77,7 @@ The latest version of this manual can be obtained from@*
Permission is granted to make and distribute verbatim
copies of this manual provided the copyright notice and
this permission notice are preserved on all copies.
Permission is granted to copy and distribute modified
versions of this manual under the conditions for
verbatim copying, provided also that the section
@ -86,7 +86,7 @@ is included exactly as in the original, and provided
that the entire resulting derived work is distributed
under the terms of a permission notice identical to this
one.
Permission is granted to copy and distribute
translations of this manual into another language,
under the above conditions for modified versions.
@ -103,7 +103,7 @@ under the above conditions for modified versions.
for translating propositional linear temporal logic formulas into
B@"uchi automata.
This is edition 1.0.1 of the @command{lbtt} documentation. This edition
This is edition 1.0.2 of the @command{lbtt} documentation. This edition
applies to @command{lbtt} versions 1.0.x.
@command{lbtt} is free software, you may change and redistribute it
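Review bot: The edition string on the changed line moves from 1.0.1 to 1.0.2, but the commit message says this is an import of lbtt 1.0.3. The next line says the edition applies to versions 1.0.x, so the mismatch may be intentional upstream, but it is worth confirming that the documentation edition is meant to lag the package version rather than having been missed in the release bump.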
@ -122,10 +122,8 @@ comes with NO WARRANTY. See @ref{Copying} for details.
* Analyzing test results:: Working with @command{lbtt}'s internal
commands.
* Interfacing with @command{lbtt}:: Interfacing LTL-to-B@"uchi translators
* Interfacing with lbtt:: Interfacing LTL-to-B@"uchi translators
with @command{lbtt}.
* The @command{lbtt-translate} utility:: An interface for two LTL-to-B@"uchi
translators.
* References:: List of references.
@ -271,7 +269,7 @@ for more information.
formulas in the same state space using
an LTL-to-B@"uchi translator should
give consistent results.
* B@"uchi automata intersection emptiness check::
* Automata intersection emptiness check::
The intersection of the languages
accepted by two B@"uchi automata
constructed from two complementary
@ -811,7 +809,7 @@ $$
@end ifnottex
@noindent
where
where
@iftex
@tex
$\it{op}'$
@ -1129,16 +1127,9 @@ and the model checking result consistency check
on the model checking results, and reports all detected failures.
The B@"uchi automata intersection emptiness check
@ifnottex
(@pxref{B@"uchi automata intersection emptiness check})
@end ifnottex
@iftex
(@pxref{Automata intersection emptiness check})
@end iftex
operates as follows
(note that the LTL-to-B@"uchi translation phase is repeated in this figure
only for completeness; in reality, @command{lbtt} performs this phase only
once):
(@pxref{Automata intersection emptiness check}) operates as follows (note that
the LTL-to-B@"uchi translation phase is repeated in this figure only for
completeness; in reality, @command{lbtt} performs this phase only once):
@ifhtml
@*
@end ifhtml
@ -1207,7 +1198,7 @@ providing an additional implementation to include in the tests.
@node Model checking result consistency check, B@"uchi automata intersection emptiness check, Model checking result cross-comparison test, Test methods
@node Model checking result consistency check, Automata intersection emptiness check, Model checking result cross-comparison test, Test methods
@section Model checking result consistency check
@cindex model checking result consistency check
@ -1217,7 +1208,7 @@ LTL model checking tells whether any of the infinite paths starting from some
state of a state space satisfies a given LTL formula. If there
are no such paths beginning from the state, it follows that all infinite paths
beginning from the state must then satisfy the @emph{negation} of the same
formula. Since all state spaces used by @command{lbtt} always have at least
formula. Since all state spaces used by @command{lbtt} always have at least
one path beginning from each state of the state space (guaranteed by the
state space generation algorithms), at least
one path beginning from any state must satisfy either the formula or its
@ -1245,9 +1236,8 @@ section.
@end iftex
@node B@"uchi automata intersection emptiness check, , Model checking result consistency check, Test methods
@section B@"uchi automata intersection emptiness check
@anchor{Automata intersection emptiness check}
@node Automata intersection emptiness check, , Model checking result consistency check, Test methods
@section Automata intersection emptiness check
@cindex B@"uchi automata intersection emptiness check
@cindex tests, B@"uchi automata intersection emptiness check
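Review bot: The visible heading loses information here: `@section Automata intersection emptiness check` drops "B@"uchi" from the title, while the two `@cindex` lines directly below and the prose elsewhere in the patch still call it the "B@"uchi automata intersection emptiness check". Other hunks in this patch simplify only the `@node` name and keep the @-commands in the title (for example `@node Algorithm section, ...` followed by `@subsection The @samp{Algorithm} section`). Doing the same here, with the short name on the `@node` line and the full name on the `@section` line, would keep the printed heading consistent with the index entries.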
@ -1361,21 +1351,21 @@ section specifying an LTL-to-B@"uchi translator. The other sections
are optional and can be used to override the default testing parameters.
@menu
* @samp{Algorithm} section:: Each LTL-to-B@"uchi translator to be
* Algorithm section:: Each LTL-to-B@"uchi translator to be
tested requires a separate
@samp{Algorithm} section in the
configuration file.
* @samp{GlobalOptions} section:: Options for changing the general
* GlobalOptions section:: Options for changing the general
behavior of @command{lbtt}.
* @samp{FormulaOptions} section:: Options controlling the way random
* FormulaOptions section:: Options controlling the way random
LTL formulas are generated.
* @samp{StateSpaceOptions} section:: Options controlling the way random
* StateSpaceOptions section:: Options controlling the way random
state spaces are generated.
* Sample configuration file:: An example of a configuration file.
@end menu
@node @samp{Algorithm} section, @samp{GlobalOptions} section, Configuration file, Configuration file
@node Algorithm section, GlobalOptions section, Configuration file, Configuration file
@subsection The @samp{Algorithm} section
@cindex configuration file, @samp{Algorithm} section
@ -1439,7 +1429,7 @@ which is used to run the translator.
@node @samp{GlobalOptions} section, @samp{FormulaOptions} section, @samp{Algorithm} section, Configuration file
@node GlobalOptions section, FormulaOptions section, Algorithm section, Configuration file
@subsection The @samp{GlobalOptions} section
@cindex configuration file, @samp{GlobalOption} section
@ -1488,14 +1478,8 @@ The default value for this option is @samp{Always}.
@findex IntersectionCheck @r{[}GlobalOptions@r{]}
@findex IntersectionTest @r{[}GlobalOptions@r{]}
This option can be used to enable or disable the B@"uchi automata intersection
emptiness check
@ifnottex
(@pxref{B@"uchi automata intersection emptiness check}).
@end ifnottex
@iftex
(@pxref{Automata intersection emptiness check}).
@end iftex
The test is enabled by default.
emptiness check (@pxref{Automata intersection emptiness check}). The test is
enabled by default.
@item ModelCheck = Local @r{|} Global
@findex ModelCheck @r{[}GlobalOptions@r{]}
@ -1531,7 +1515,7 @@ the value results in more output. The default value is 3.
@node @samp{FormulaOptions} section, @samp{StateSpaceOptions} section, @samp{GlobalOptions} section, Configuration file
@node FormulaOptions section, StateSpaceOptions section, GlobalOptions section, Configuration file
@subsection The @samp{FormulaOptions} section
@cindex configuration file, @samp{FormulaOptions} section
@ -1796,7 +1780,7 @@ option has no effect if @samp{AbbreviatedOperators} is set to @samp{No}.)
@node @samp{StateSpaceOptions} section, Sample configuration file, @samp{FormulaOptions} section, Configuration file
@node StateSpaceOptions section, Sample configuration file, FormulaOptions section, Configuration file
@subsection The @samp{StateSpaceOptions} section
@cindex configuration file, @samp{StateSpaceOptions} section
@ -1867,12 +1851,7 @@ the generated state spaces. The default value is 5.
Usually this should probably be the same as the maximum number of
different atomic propositions in the generated formulas
@ifnottex
(@pxref{@samp{FormulaOptions} section}).
@end ifnottex
@iftex
(see the previous section).
@end iftex
(@pxref{FormulaOptions section}).
If the number of propositions attached to each state of
the state spaces is less than the maximum number of different propositions that
may occur in the generated formulas, all ``extra'' propositions in the formulas
@ -1916,7 +1895,7 @@ in any state of the state space. Note: This option has no effect if
@end table
@node Sample configuration file, , @samp{StateSpaceOptions} section, Configuration file
@node Sample configuration file, , StateSpaceOptions section, Configuration file
@subsection Sample configuration file
@cindex configuration file, example
@ -2211,13 +2190,7 @@ between test rounds to wait for user input.
@vindex --intersectiontest
@vindex --nointersectiontest
These options enable or disable the B@"uchi automata intersection emptiness
check
@ifnottex
(@pxref{B@"uchi automata intersection emptiness check}).
@end ifnottex
@iftex
(@pxref{Automata intersection emptiness check}).
@end iftex
check (@pxref{Automata intersection emptiness check}).
@item --localmodelcheck
@vindex --localmodelcheck
@ -2545,7 +2518,7 @@ This option can be used to change the size of the generated state spaces.
@vindex --truthprobability
This option sets the probability that @command{lbtt} uses for choosing the
valuation for each atomic proposition in each state of the randomly generated
state spaces. (This option has no effect is using enumerated paths as state
state spaces. (This option has no effect if using enumerated paths as state
spaces.)
@end table
@ -2643,8 +2616,8 @@ Program configuration:
Atomic symbols in use (priority):
false (5); propositions (90); true (5)
Operators used for random LTL formula generation:
operator ! /\ U V X \/
priority 10 20 20 20 10 20
operator ! /\ U V X \/
priority 10 20 20 20 10 20
@end smallexample
@node Test round messages, Test statistics, Configuration information, Interpreting the output
@ -2753,12 +2726,7 @@ The output of phases 4---8 will be repeated for each implementation included in
the tests. After this @command{lbtt} proceeds to the model checking result
cross-comparison test (@pxref{Model checking result cross-comparison test}) and
the B@"uchi automata intersection emptiness test
@ifnottex
(@pxref{B@"uchi automata intersection emptiness check}).
@end ifnottex
@iftex
(@pxref{Automata intersection emptiness check}).
@end iftex
The model checking result cross-comparison test might result in the following
output:
@ -2886,13 +2854,8 @@ state of the state space).
@item
Number of failures in the B@"uchi automata intersection emptiness check
@iftex
(@pxref{Automata intersection emptiness check})
@end iftex
@ifnottex
(@pxref{B@"uchi automata intersection emptiness check})
@end ifnottex
for each pair of implementations.
(@pxref{Automata intersection emptiness check}) for each pair of
implementations.
@end itemize
Note that the pairwise inconsistency results form a symmetric matrix (although
@ -2908,7 +2871,7 @@ and all LTL formulas used in the tests.
@node Analyzing test results, Interfacing with @command{lbtt}, Interpreting the output, Top
@node Analyzing test results, Interfacing with lbtt, Interpreting the output, Top
@chapter Analyzing test results
This chapter documents how to use @command{lbtt}'s internal commands to
@ -2921,7 +2884,7 @@ case a test failure is detected) between test rounds to wait for user input by
showing a prompt of the form
@smallexample
** [Round 22 of 1000] >>
** [Round 22 of 1000] >>
@end smallexample
@menu
@ -3217,12 +3180,7 @@ automata correctness tests. The second part describes the conventions that
@cindex failure analysis, B@"uchi automata intersection check
@cindex analyzing test failures, B@"uchi automata intersection emptiness check
Analyze a failure in the B@"uchi automata intersection emptiness check
@ifnottex
(@pxref{B@"uchi automata intersection emptiness check}).
@end ifnottex
@iftex
(@pxref{Automata intersection emptiness check}).
@end iftex
The two implementation identifiers select the B@"uchi automata for which
to perform the analysis. The B@"uchi automata intersection emptiness
check always involves automata constructed from the positive and the negative
@ -3463,7 +3421,7 @@ which can be seen from the proof.
@node Interfacing with @command{lbtt}, The @command{lbtt-translate} utility, Analyzing test results, Top
@node Interfacing with lbtt, References, Analyzing test results, Top
@chapter Interfacing LTL-to-B@"uchi translators with @command{lbtt}
@cindex LTL-to-B@"uchi translators, interfacing with
@ -3472,12 +3430,7 @@ which can be seen from the proof.
This chapter gives the details on how to use @command{lbtt} for
testing LTL-to-B@"uchi translation algorithm implementations that are not
supported by the basic distribution. (See
@ifnottex
@ref{The @command{lbtt-translate} utility}
@end ifnottex
@iftex
the next chapter
@end iftex
@ref{The lbtt-translate utility}
for information on how to connect several publicly available
LTL-to-B@"uchi translator implementations to @command{lbtt}.)
@ -3486,12 +3439,14 @@ LTL-to-B@"uchi translator implementations to @command{lbtt}.)
LTL-to-B@"uchi translator.
* Format for LTL formulas:: How @command{lbtt} passes LTL formulas
to the translators.
* B@"uchi automata:: How @command{lbtt} expects the translators
* Format for automata:: How @command{lbtt} expects the translators
to present their output.
* The lbtt-translate utility:: An interface for two LTL-to-B@"uchi
translators.
@end menu
@node Translator interface, Format for LTL formulas, Interfacing with @command{lbtt}, Interfacing with @command{lbtt}
@node Translator interface, Format for LTL formulas, Interfacing with lbtt, Interfacing with lbtt
@section Translator interface requirements
@cindex LTL-to-B@"uchi translators, interface requirements
@ -3514,7 +3469,7 @@ The translator executable should read its input (an LTL formula) from
@var{input-file} and write its output (a B@"uchi automaton) into
@var{output-file} (without removing the input file); see
@ifnottex
@ref{Format for LTL formulas} and @ref{B@"uchi automata}
@ref{Format for LTL formulas} and @ref{Format for automata}
@end ifnottex
@iftex
the following two sections
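Review bot: This hunk keeps the `@ifnottex` / `@iftex` split around the cross-reference ("the following two sections" for TeX output), although the rest of the patch collapses the same construct into a single `@ref` or `@pxref` once the node names no longer contain @-commands. With the target renamed to `Format for automata`, the conditional looks unnecessary; a single `@ref{Format for LTL formulas} and @ref{Format for automata}` would match the other hunks and avoid the positional wording going stale if sections are reordered.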
@ -3542,7 +3497,7 @@ Algorithm
@node Format for LTL formulas, B@"uchi automata, Translator interface, Interfacing with @command{lbtt}
@node Format for LTL formulas, Format for automata, Translator interface, Interfacing with lbtt
@section Input file format for LTL formulas
@cindex LTL-to-B@"uchi translators, LTL formula input file format
@ -3626,8 +3581,8 @@ line options (@pxref{Command line options}) to prevent
@node B@"uchi automata, , Format for LTL formulas, Interfacing with @command{lbtt}
@section Output file format for B@"uchi automata
@node Format for automata, The lbtt-translate utility, Format for LTL formulas, Interfacing with lbtt
@section Output file format for automata
@cindex file formats, LTL-to-B@"uchi translator output file
@cindex LTL-to-B@"uchi translators, automaton output file format
@ -3644,23 +3599,23 @@ The output file generated by the translator should contain an @var{automaton}
described using the following grammar:
@smallexample
@var{automaton} @r{::=} @var{number-of-states} @var{sp} @var{number-of-acceptance-conditions} @var{states}
@var{automaton} @r{::=} @var{num-states} @var{sp} @var{num-conds} @var{states}
@var{number-of-states} @r{::=} @r{[}0@r{---}9@r{]+}
@var{num-states} @r{::=} @r{[}0@r{---}9@r{]+}
@var{number-of-acceptance-conditions} @r{::=} @r{[}0@r{---}9@r{]+}
@var{num-conds} @r{::=} @r{[}0@r{---}9@r{]+}
@var{states} @r{::=} @var{states} @var{sp} @var{state}
@r{|} @r{// empty}
@r{|} @r{// empty}
@var{state} @r{::=} @var{state-id} @var{sp} @var{initial?} @var{acceptance-conditions} @var{sp} `-1' @var{transitions} @var{sp} `-1'
@var{state} @r{::=} @var{state-id} @var{sp} @var{initial?} @var{conds} @var{sp} `-1' @var{transitions} @var{sp} `-1'
@var{state-id} @r{::=} @r{[}0@r{---}9@r{]+}
@var{initial?} @r{::=} `0' @r{|} `1'
@var{acceptance-conditions} @r{::=} @var{acceptance-conditions} @var{sp} @var{acceptance-set-id}
@r{|} @r{// empty}
@var{conds} @r{::=} @var{conds} @var{sp} @var{acceptance-set-id}
@r{|} @r{// empty}
@var{acceptance-set-id} @r{::=} @r{[}0@r{---}9@r{]+}
@ -3714,7 +3669,7 @@ The state and acceptance condition identifiers need not be successive, and the
states or acceptance conditions can be listed in any order. The only
restrictions are that the identifiers of different states and acceptance
conditions should be unique and that the total number of different identifiers
should equal @var{number-of-states} or @var{number-of-acceptance-conditions},
should equal @var{num-states} or @var{num-conds},
respectively. (The same identifiers can be shared between states and acceptance
conditions, however.)
@ -3778,7 +3733,7 @@ The following example illustrates the file format.
@node The @command{lbtt-translate} utility, References, Interfacing with @command{lbtt}, Top
@node The lbtt-translate utility, , Format for automata, Interfacing with lbtt
@section The @command{lbtt-translate} utility
@cindex @command{lbtt-translate} (executable file)
@ -3847,17 +3802,18 @@ installation instructions. Then add the following @samp{Algorithm} section in
@smallexample
Algorithm
@{
Name = "@var{name for the implementation}"
Path = "@var{path-to-@command{lbtt-translate}} @var{implementation-selector} @var{path-to-executable}"
Name = "@r{[@var{name for the implementation}]}"
Path = "@r{[@var{path-to-@command{lbtt-translate}}]}"
Parameters = "@r{[@var{implementation selector}]} @r{[@var{path to executable}]}"
Enabled = Yes
@}
@end smallexample
@noindent
where @var{path-to-@command{lbtt-translate}} contains the complete path and
where [@var{path-to-@command{lbtt-translate}}] contains the complete path and
file name of the @command{lbtt-translate} tool executable,
@var{implementation-selector} is either of the options @samp{--lbt} or
@samp{--spin}, and @var{path-to-executable} is the full path
[@var{implementation selector}] is either of the options @samp{--lbt} or
@samp{--spin}, and [@var{path to executable}] is the full path
of the tool executable. The names of these executables are usually (assuming
a normal installation) @command{lbt} and @command{spin}, respectively.
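Review bot: The explanatory paragraph after the example never names the new `Parameters` key, so a reader updating an existing configuration from the old single-line `Path = "... selector ... executable"` form has to infer from the example alone that the selector and the tool path moved out of `Path`. I would add a sentence saying that `Path` now holds only the `lbtt-translate` executable and that the selector and tool path go in `Parameters`. The square brackets are also placed inside the quoted strings (`Path = "@r{[@var{...}]}"`) without any statement that they are notation and not literal characters, and the placeholder spelling is mixed (`path-to-@command{lbtt-translate}` hyphenated, `implementation selector` and `path to executable` with spaces); stating the convention once and using one spelling would prevent the brackets being copied into a real configuration file.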
@ -3875,7 +3831,7 @@ see a short summary of available options.
@node References, Definitions, The @command{lbtt-translate} utility, Top
@node References, Definitions, Interfacing with lbtt, Top
@unnumbered References
@table @asis
@ -3884,7 +3840,7 @@ E.@: Clarke Jr., O.@: Grumberg and D.@: Peled. Model checking. The MIT Press,
1999.
@item @anchor{[Cou99]} [Cou99]
J-M. Couvreur. On-the-fly verification of linear temporal logic. In
J.-M. Couvreur. On-the-fly verification of linear temporal logic. In
@i{Proceedings of the World Congress on Formal Methods in the Development of
Computing Systems (FM'99), volume I}, volume 1708 of
@i{Lecture Notes in Computer Science}, pages 253---271. Springer-Verlag, 1999.
@ -3892,7 +3848,7 @@ Computing Systems (FM'99), volume I}, volume 1708 of
@item @anchor{[DGV99]} [DGV99]
M.@: Daniele, F.@: Giunchiglia and M.@: Y.@: Vardi. Improved automata
generation for linear temporal logic. In @i{Proceedings of the 11th
International Conference on Computer Aided Verification (CAV'99)}, volume 1633
International Conference on Computer Aided Verification (CAV'99)}, volume 1633
of @i{Lecture Notes in Computer Science}, pages 249---260. Springer-Verlag,
1999.
@ -4001,7 +3957,7 @@ manipulates.
* LTL formulas:: @command{lbtt} uses traditional semantics
for propositional linear temporal
logic.
* Generalized B@"uchi automata:: The B@"uchi automata used by @command{lbtt}
* Generalized automata:: The B@"uchi automata used by @command{lbtt}
have one initial state, labels on
transitions and zero or more
acceptance conditions.
@ -4010,7 +3966,7 @@ manipulates.
@end menu
@node LTL formulas, Generalized B@"uchi automata, Definitions, Definitions
@node LTL formulas, Generalized automata, Definitions, Definitions
@appendixsec LTL formulas
@command{lbtt} uses the traditional definition for propositional linear
@ -4390,8 +4346,8 @@ $(\varphi\;{\bf B}\;\psi) \equiv_{\rm def} \neg(\neg\varphi\;\bf{U}\;\psi)$
@node Generalized B@"uchi automata, State spaces, LTL formulas, Definitions
@appendixsec Generalized B@"uchi automata
@node Generalized automata, State spaces, LTL formulas, Definitions
@appendixsec Generalized automata
@cindex B@"uchi automata, formal definition
@cindex generalized B@"uchi automata, formal definition
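Review bot: The new title `@appendixsec Generalized automata` is ambiguous as a printed heading, since "generalized" qualifies B@"uchi automata specifically and both `@cindex` lines below still use the full term. Only the `@node` line needs the simplified name for cross-references; keeping `@appendixsec Generalized B@"uchi automata` under `@node Generalized automata, State spaces, LTL formulas, Definitions` would preserve the correct term in the table of contents and in the appendix heading.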
@ -4410,7 +4366,7 @@ $2^{AP}$
with one initial state, labels on transitions and zero or more acceptance
conditions.
@appendixsubsec Formal definition of generalized B@"uchi automata
@appendixsubsec Formal definition of generalized automata
Formally, a generalized B@"uchi automaton can be represented as a tuple
@iftex
@ -4575,7 +4531,7 @@ $Q$,
@end ifnottex
the automaton may have many runs on the same input.
A run
A run
@iftex
@tex
$\langle q_0, q_1, q_2, \ldots\rangle$
@ -4699,7 +4655,7 @@ of some states and then adjusting the transition labels appropriately.
@node State spaces, , Generalized B@"uchi automata, Definitions
@node State spaces, , Generalized automata, Definitions
@appendixsec State spaces
@cindex state space, formal definition